briwandt/README.md

briwandt

automation • incident response • identity security • cloud • detection engineering • CTI • threat research

Focus Areas

  • Identity & Access Management (IAM)
  • Detection Engineering & Adversary Simulation
  • Threat Hunting & Behavioral Analytics
  • Cloud Security (AWS / Azure / GCP)
  • Infrastructure & Security Automation
  • Cyber Threat Intelligence (CTI)
  • Research-Driven Security Operations
  • Incident Response

Current Work

  • Building detection logic for identity-centric attack paths
  • Researching cloud and SaaS persistence techniques
  • Developing automation for IR and enrichment workflows
  • Mapping attacker tradecraft to IAM telemetry
  • Threat hunting across hybrid identity environments
  • Experimenting with detection-as-code pipelines

Technical Domains

Identity & IAM

  • Entra ID / Azure AD
  • Okta
  • Active Directory
  • SSO / Federation
  • Conditional Access
  • Privileged Identity Management
  • OAuth / OIDC / SAML

Detection Engineering

  • Sigma
  • KQL
  • SPL
  • YARA
  • MITRE ATT&CK
  • Detection-as-Code
  • Threat Modeling

Cloud & Infrastructure

  • AWS
  • Azure
  • GCP
  • Terraform
  • Docker
  • Kubernetes
  • CI/CD Security

Security Operations

  • Incident Response
  • Threat Hunting
  • DFIR
  • Log Engineering
  • Telemetry Analysis
  • SOAR Automation
  • CTI Enrichment

Research Interests

  • Identity-based persistence
  • Cloud-native attack paths
  • SaaS abuse techniques
  • Adversary emulation
  • Detection validation
  • Authentication telemetry analysis
  • ATT&CK-informed analytics
  • Human + AI security workflows

Selected Repositories

Detection engineering, automation tooling, cloud security research, identity-focused analytics, and operational security workflows.


Philosophy

Security engineering should reduce uncertainty, not increase complexity.

Research should produce operational outcomes:

  • better detections
  • faster investigations
  • cleaner telemetry
  • stronger identity controls
  • repeatable automation

Connect

Pinned

  1. agent-tesla-malware-analysis (Public)

    Malware analysis and reverse engineering report of an obfuscated Agent Tesla-style .NET loader